Private keys are secret. These keys should never need to leave the
firewall, with the exception of backups. The CA does not need the private key
to sign a request.

TNSR can generate RSA key pairs with sizes of 2048, 3072, or 4096 bits. Larger
keys are more secure than shorter keys. RSA Keys smaller than 2048 bits are no
longer considered secure in practice, and are thus not allowed.

Next, copy the key file to TNSR and start the CLI from the directory containing
this file. The filename extension is not significant, and may be key,
pem, txt, or anything else depending on how the file was
originally created.